DHCPv6 thoughts? [FIXED]

skogs

So just for giggles, I've always had DHCPv6 on. Old system and new kea system. Neither would ever actually show dhcpv6 leases on the log. For giggles I set my workstation up to 'ONLY dhcpv6" for dhcp address setup. Suddenly v6 lease shows up in pfsense log appropriately. Thats super.

Unfortunately IPv6 wasn't actually very functional. Testing it would give a score of like 3/17 instead of 15/17 like 'automatic' whatever that does for me.

So I think the dhcp prefix is set correctly with a /64 (colorado comcast service) with an appropriately obvious local range. DNS is specified as the internal side of a pfsense.

I tried a few different little things, but deep down the system will autoconfigure and work perfectly without the local lease server. Anybody have thoughts on what might make the setup more functional?

johnpoz

@skogs said in DHCPv6 thoughts?:

like 3/17 instead of 15/17

Where are you testing where there is 17 things it checks? I know of https://test-ipv6.com/

But I thought it only did 10..

Are you testing here https://ipv6-test.com/ they show like 20.. But can get them all to pass, had to setup a PTR for my IP, that you might not be able to do with your ISP.. And had to allow ping through the firewall

If you show your results and what is not passing we can most likely figure out to either get them to pass, or at least know that they shouldn't etc..

edit: btw this is how I normally run.

But its simple click in windows to enable IPv6.. I like the statement they won't be able to reach Ipv6 only sites ;) Name one! just one! that isn't some dark web, or someone serving up something off their home connection that ISP doesn't give them an IPv4 address other than cgnat.. Be asking here for years and years to name just one resource that your typical user would actually want/need to get to that is IPv6 only..

skogs

@johnpoz
It was indeed ipv6-test.com and totals were out of 20.

I'm perfectly ok with 17/20 as I don't need to be exposing hostnames or be pingable.

Yes and 6 isn't really a need...hence the several years of scratching my head about why leases never seemed to take and not caring enough to ask. Just last night I decided to ask. I know DHCP for 6 doesn't actually need a server at all; it just has a few use cases of being able to positively identify a certain ipv6 address immediately with a device and/or ensure that device isn't trying to skirt around an IPv4 block (aka IoT items that phone home for zero reason are blocked entirely...except on ipv6). Obviously other techniques are more effective, I was just curious if there was an easy answer that I was missing.

johnpoz

@skogs I played a bit trying to get my windows machine to use dhcpv6.. its a pain that ass to even find your duid ;)

So your saying when you use dhcpv6 you only get 3 out of 20? While IPv6 is the future, and I keep my hand on it - still waiting for actual valid "need" for your typical home user, other than lab.. But happy to help you work through any problems your having. And agree you don't need ping to work nor your PTR set on your IP ;) I just allowed for it since it is pretty simple to do. At least with HE where they allow you easy setup your PTRs for any IPs you want out of the /48 they give you.

Me and the local cheerleader for IPv6 butt heads now and then - but my current advice to typical users, if you do not have a valid "need" for it.. And you are not ready to dive head first into the weeds on it, the simple solution is to just turn it off. Your not going to slow down the snails pace of IPv6 adoption that is for sure.

The big issue with lack of IPv4 has for the most part been mitigated when most if the phone carriers switched over to IPv6 for your phones and using 464XLAT.. Its going to be a long time until some company like amazon or facebook or google turn off IPv4 and say you need IPv6 to talk to us that is for damn sure.

As I mentioned - I am still waiting for just one example of some site/service that requires IPv6.. Shoot you would of thought it would of been a boom for the P2P games - saying hey you can play head to head easy peasy you just need IPv6.. And that hasn't even happened yet.. It would for sure remove any issues with UPnP being needed, or cgnat being a problem or issues with the same users at the same location wanting to all play together in the same server, etc.

My isp doesn't even provide IPv6, only way I can get it is via a HE tunnel. Which does have advantages anyway - I get a /48 that doesn't change, I can easy set my PTRs etc.. And takes all of couple of minutes to setup and can just use static on my local interfaces on pfsense, etc. No need to "track" some prefix my isp delegates to me.

skogs

@johnpoz
Over the last ~30 days or so, 16.95% of my logged internal traffic is IPv6.

All exclusively fe80 source to ff02::1 or ff02::16 just doing local discovery.

One of these days it will log actual operational/outbound traffic. :)

skogs

Ahem...
I read the instructions.

Services >> Router Advertisement >> pick correct item .... leases show up....and traffic works...